You are mixing authentication and authorization. Structures like AccessControl should be dealing with authorization, not authentication .. you choice of names .. emm ... leaves room for improvement. To learn more about the authorization in context of MVC, i would recommend to read this post.
Authentication, in context of MVC and MVC inspired design patterns, should be part of the model layer and handled by some form of Recognition service.
What you have on the code snipper looks a bot like code from controller's method, but it has several issues.
Ok .. lets pike apart to code:
The use of __autoload() function is not recommended. You should instead learn how to utilize spl_autoload_register() function. It would let you code to use multiple leaders.
Also, since release of 5.3, it is possible to use namespaces in PHP. In combination with autoloaders, it would let you better organize you code. Lately it is common practices to map project directory structures (at least partially) to namespaces.
The most known implementation would be PSR-0, though it should not be considered even close to ideal. It has some serious flaws, but it will make for a good example to illustrate use of namespaces in autoloading.
You should avoid use of new deep in the application call graph. This causes tight coupling to the name of class from which you are creating the new instance.
Instead your controller should have a factory injected into constructor, which then is responsible for initialization of new instances.
namespace Controller;
class Foo
{
protected $serviceFactory = null;
protected $view = null;
// --- SNIP ---
public function __construct( HasSomeFactoryInterface $factory, $view )
{
$this->serviceFactory = $factory;
$this->view = $view;
}
public function postLogin( $request )
{
$recognition = $this->serviceFactory->create('AccessControl');
// --- SNIP ---
}
Controller in MVC design pattern should only change the state of model layer and current view. It does not return anything nor passes data from model layer to view. You seem to confuse classical MVC, Model2 MVC, MVP, MVVP and the Rails parody of MVC pattern.
In the Model2 MVC (also known as Web MVC) design pattern the controller take the incoming user request, and, by passing data from said request to the respective parts of triad, changes their state.
namespace Controller;
class Foo
{
// --- SNIP ---
public function postLogin( $request )
{
$recognition = $this->serviceFactory->create('AccessControl');
$recognition->login( $request->getPost( 'username' ),
$request->getPost( 'password' ) );
$this->view->prepare( $request->getMethod() );
}
// --- SNIP ---
}
In this example view receives notification, that the POST request was received, which means, that, instead of generating HTML from several of templates, it has to only send HTTP header as a response.
To see a short overview about the MVC-related patterns, try this post.
If you are aiming for Model2 MVC design pattern, then view should retrieve information from model layer on its own. But all MVC-inspired design patterns view is supposed to be responsible for the presentation logic.
That also includes dealing with error state in model layer. Domain business logic has nothing to do with how view represents errors.